Zsh Mailing List Archive Messages sorted by: Reverse Date, Date, Thread, Author

PGP key question

X-seq: zsh-users 23690
From: Clark Dunson <cdunson@xxxxxxxxxxxxxxx>
To: "zsh-users@xxxxxxx" <zsh-users@xxxxxxx>
Subject: PGP key question
Date: Tue, 2 Oct 2018 01:21:03 +0000
Accept-language: en-US
Authentication-results: spf=none (sender IP is ) smtp.mailfrom=cdunson@xxxxxxxxxxxxxxx;
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sstinc.onmicrosoft.com; s=selector1-shotspotter-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=aBbTaIY0NkEgHDSk6oMuSCWsYn3uWTreqRknglTIaug=; b=iFjxZJg5j4rLx+wpRbffwE3YlTQH15rt5fe8iWxIakl4TYv17Y3zREmjHBkkCL4U7klpSrTikQLpljZwx+G7WIVIczJ7q/m7dK8bJX6ASGoFovWXQSrQiIMj8YMuCgS0bifFKFTx/eN9q1QZzSm8ondz5KwoUQYU+YRhPbyqwP8=
List-help: <mailto:zsh-users-help@zsh.org>
List-id: Zsh Users List <zsh-users.zsh.org>
List-post: <mailto:zsh-users@zsh.org>
List-unsubscribe: <mailto:zsh-users-unsubscribe@zsh.org>
Mailing-list: contact zsh-users-help@xxxxxxx; run by ezmlm
Spamdiagnosticmetadata: NSPM
Spamdiagnosticoutput: 1:99
Thread-index: AQHUWe4vbVTNAZH+F0avmV7V6SlAnA==
Thread-topic: PGP key question

On the site it says:


All files are signed with the following OpenPGP<https://en.wikipedia.org/wiki/Pretty_Good_Privacy> keys:

pub   2048R/4BDB27B3 2015-11-25

      Key fingerprint = F7B2 754C 7DE2 8309 1466  1F0E A71D 9A9D 4BDB 27B3

uid                  Peter Stephenson <p.w.stephenson@xxxxxxxxxxxx>

sub   2048R/4C58D718 2015-11-25



pub   rsa3072 2013-06-11 [SC] [expires: 2020-07-01]

      E96646BE08C0AF0AA0F90788A5FEEE3AC7937444

uid           [ unknown] Daniel Shahaf

uid           [ unknown] Daniel Shahaf

sub   rsa3072 2013-06-11 [E] [expires: 2020-07-01]

sub   rsa4032 2017-06-28 [S] [expires: 2020-07-01]

But I get:


~/Downloads$ gpg --verify zsh-5.6.2.tar.xz.asc zsh-5.6.2.tar.xz

gpg: Signature made Fri Sep 14 05:58:34 2018 PDT

gpg:                using RSA key 6EB60B637CE5ACBF2449A2DADB27E997429AF20C

gpg: key A5FEEE3AC7937444: 26 signatures not checked due to missing keys

gpg: key A5FEEE3AC7937444: public key "Daniel Shahaf <danielsh@xxxxxxxxxx>" imported

gpg: marginals needed: 3  completes needed: 1  trust model: pgp

gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u

gpg: next trustdb check due at 2022-10-02

gpg: Total number processed: 1

gpg:               imported: 1

gpg: Good signature from "Daniel Shahaf <danielsh@xxxxxxxxxx>" [unknown]

gpg:                 aka "Daniel Shahaf <d.s@xxxxxxxxxxxxxxxxxx>" [unknown]

gpg: WARNING: This key is not certified with a trusted signature!

gpg:          There is no indication that the signature belongs to the owner.

Primary key fingerprint: E966 46BE 08C0 AF0A A0F9  0788 A5FE EE3A C793 7444

     Subkey fingerprint: 6EB6 0B63 7CE5 ACBF 2449  A2DA DB27 E997 429A F20C

Is there a concern here?

Thank you!

Clark

Follow-Ups:
- Re: PGP key question
  - From: Ben Oliver

Messages sorted by: Reverse Date, Date, Thread, Author